Permalink
Browse files

Fix crash when report_bug_threshold=array in access_has_bug_level

When displaying a bug for which the user is not the reporter,
$g_limit_reporters=ON and the workflow is set so report_bug_threshold is
an array, MantisBT crashes with "PHP Fatal error: Unsupported operand
types".

This is due to use of '+ 1' to indicate that user should have the next
higher access level to view the issue. We now use the same logic but
within a foreach loop to check against each array element.

Fixes #15538
  • Loading branch information...
1 parent b41b528 commit 957b3c091902599cdb031498b79e1288dfbcfdc3 @dregad dregad committed Feb 25, 2013
Showing with 14 additions and 2 deletions.
  1. +14 −2 core/access_api.php
View
@@ -417,8 +417,20 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) {
# reporters can view just issues they reported
$t_limit_reporters = config_get( 'limit_reporters', null, $p_user_id, $t_project_id );
$t_report_bug_threshold = config_get( 'report_bug_threshold', null, $p_user_id, $t_project_id );
- if ( $t_limit_reporters && !bug_is_user_reporter( $p_bug_id, $p_user_id ) && !access_has_project_level( $t_report_bug_threshold + 1, $t_project_id, $p_user_id ) ) {
- return false;
+ if( !is_array( $t_report_bug_threshold ) ) {
+ $t_report_bug_threshold = array( $t_report_bug_threshold );
+ }
+ if( $t_limit_reporters && !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) {
+ $t_has_access = false;
+ foreach( $t_report_bug_threshold as $t_threshold ) {
+ if( access_has_project_level( $t_threshold + 1, $t_project_id, $p_user_id ) ) {
+ $t_has_access = true;
+ break;
+ }
+ }
+ if( !$t_has_access ) {
+ return false;
+ }
}
# If the bug is private and the user is not the reporter, then

2 comments on commit 957b3c0

Member

atrol commented on 957b3c0 Feb 25, 2013

Proposal for better performance in standard configuration ($g_limit_reporters = OFF;)

The following code must not always be executed:

    $t_report_bug_threshold = config_get( 'report_bug_threshold', null, $p_user_id, $t_project_id );
    if( !is_array( $t_report_bug_threshold ) ) {
        $t_report_bug_threshold = array( $t_report_bug_threshold );
    }

Placing the code after line

if( $t_limit_reporters && !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) {

should work

Owner

dregad replied Feb 26, 2013

Thanks, I was actually thinking about optimizing this on the way back home yesterday, and also a way to avoid looping on all array elements which is not always necessary if we know the access level. I'll do a follow-up commit later on.

Please sign in to comment.